We use cookies to customise content for your subscription and for analytics.If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.

The Securities and Exchange Commission has published its findings after a year-long observation of cybersecurity preparedness at more than 100 broker-dealers and investment advisers. In a Risk Alert issued by the Office of Compliance Inspections and Examinations, the SEC found that the majority of observed money-management firms have experienced cyber attacks and responded to them through plans and procedures contained within written information security policies. However, it found that while most firms conduct periodic risk assessments, many do not apply their cybersecurity requirements to contracts with third-party vendors that can access the firms’ networks. The SEC’s concerns were echoed by the Financial Industry Regulatory Authority in a concurrent report on breaches at investment banks, clearing firms, online brokerages, high-frequency traders, and independent dealers. In its examination of about 20 financial firms, FINRA found that large institutions tend to have sophisticated cybersecurity systems, while smaller firms are more likely to have inadequate procedures for preventing, reporting and responding to cyber attacks.

Compare jurisdictions: BYOD: Bring Your Own Device

“I enjoy the CLANZ newsstand and find it highly relevant to my job. I definitely have forwarded various articles to my colleagues on occasion where there is a point of general interest, particularly employment or IT law. I really appreciate the service, it's a quick way for me to keep up to date in a way I wouldn't otherwise have time to.”